Zero trust, deception & disruption, change management Flashcards
Zero trust
You have to authenticate or prove yourself each time you want to gain access.
How can we start implementing zero trust?
Take our security devices & break them into smaller components.
Data plane
Part of device that processes frames, packets, network data.
Ex: switch, router, firewall
Control plane
Manages actions occurring in the data plane, Configuring policies & rules.
Ex: routing tables, firewall rules, NAT tables
How do we control trust?
- Adaptive Identity
- Threat scope reduction
- Policy-driven access control
Adaptive identity
We want to look at the source of the request for resources.
Ex: physical location, IP address, relationship to org.
Threat scope reduction
Decrease the # of possible entry points into the network.
Policy-driven access control
Combines all the individual data points (adaptive identity) then decides what type of authentication to use
Another way to qualify the identity of a person is through-
Security zones: look at where they’re coming from and where they’re going.
**set rules on what zone has access to other zones
Policy enforcement point (gatekeeper)
- Gathers all info about traffic, then provides it to the PDP.
- All traffic traversing the network must pass through the PEP.
Policy decision point
Responsible for examining the authentication.
Policy engine
Evaluates each access decision based on policy.
Grant, deny, or revoke.
Policy administrator
- Takes that decision and communicates w/ the PEP
- Generates access tokens or credentials
- Tells the PEP to allow or disallow access
Honeypot
Attracts attackers to a system & keeps them engaged to trap them there.
Creates a virtual world to explore.
Honeynets
A large deception network w/ one or more honeypots.
Ex: servers, workstations, routers, switches
Honeyfiles
Bait for the honeynet.
Add many honey files to file shares
Honeytokens
Add traceable data to track malicious use.
Change approval process includes-
- Complete the request forms
- Determine the purpose of the change
- Identify the scope of the change (single system or multiple systems)
- Schedule a date and time of the change
- Determine affected systems & impact
- Analyze the risk associated w/ the change
Impact analysis
Recognizing the risk that is involved in a particular change
What are the risks of not making a change?
- Security vulnerability
- Application unavailability
- Unexpected downtime
Sandbox testing environment
Perform as many tests as you’d like and have no effect on your production system
Backout plan
Strategy for reverting to your previous system state.
**Always have backups
Maintenance window
Scheduled periods of time when system updates, backups, and tests are performed on applications.
**Overnight is the best choice
Standard operating procedure
Step-by-step instructions to help workers carry out routine operations.
**process must be documented
Living document
Policy, plan, or framework that is continuously updated and revised to reflect the changing cyber landscape.
A change approval is-
- Timely
- Scope of change is important
- Specific
Legacy applications
Applications that were here before you arrived.
No longer supported by developer
Dependencies
Connections between assets where the state of one relies on the other.
Ex: a service will not start w/o other services being active.
Version control
A software system that tracks changes to a file or configuration data over time.